RPC service unavailable Server 2003/2008

I have two domain controllers, DC1 and DC2. DC2 is a new DC and is having problems becoming a full DC because it cannot replicate through the File Replication Service. DC1 is a MS server 2008 + DNS and DC2 is a virtual MS server 2003 + DNS. Using net share on DC2 shows that SYSVOL and NETLOGON shares are missing.
The Event Viewer, File Replication Service, on DC2, indicates a 13508 error every hour.
I have tried the following on both DCs:
netdiag /fix - no errors except domain controller failure on DC2
dcdiag /test:frsevent - error is, DC2 failed test frsevent
ntfrsutl version DC1 <FQDN> and then DC2 <FQDN> - both seem to work OK
ntfrsutl sets - this test indicates LastSndStatus: RPC_S_SERVER UNAVAILABLE
If I try to force replication from AD Sites and Services of DC2, I get an error, The naming context is in the process of being removed or is not replicated from the specified server.
This server, DC2, has been operating for several weeks, and nobody noticed it had not finished the DCPROMO cycle. I was going to demote it and try again, but it won't demote gracefully because it is not yet a full DC. So rather than the hassle of a forced demotion I thought I would try and fix it.
We have checked all the obvious things, like firewall, routers, anything that might block RPC. Using Event Viewer and connecting to another computer works both ways from DC2, but not from any other computer to DC2. The error reported is: The RPC server is unavailable. It has been my experience that almost all of these kinds of errors are traceable to a faulty DNS installation but I can't find anything wrong with the DNS.
I was hoping that maybe someone at Experts Exchange might have an answer we have overlooked. We are willing to try anything to resolve this problem.
Thank you
Brian

When you bring a new server on line, the SRV records and Host A records need to be put on that server, then replicated to other DCs, especially the replication partner. The SRV records are used for things like LDAP, replication, netlogon. Without those records straight, communication with the new server is difficult. You will probably see events 4004 and 4015 saying the DNS server doesn't exist. On top of all that, many problems with the RPC server occur when it relies upon these SRV records. The SRV records in DNS are important to the operation of the DC that has just come on line.

As far as a multihomed server, this is a problem with both NICs or IPs registering the SRV records. Often on a multihomed server, you will see errors like "this DC does not exist or can not be contacted". This happens when the client contacts the server via DNS and the server sees the one NIC as busy and sends out the reply for services on the wrong NIC.

In either case, the lack of SRV or too many NICs can prevent a direct path back to the client. However, you will still be able to join the domain and logon. You may, when requesting services from the Domain controller, receive "Domain can't be contacted" or "there are currently no logon servers to process your request" or "RPC server not available".

It's not well documented that finishing up bringing a server on line will require you to straighten out these SRV and HOST A records.

That is not a guarantee that is your problem. Many things can knock down the RPC server. Endpoint mapper protection and CA certs can also make the RPC server unavailable. Even antivirus and firewalls that block out things above port 1024 could knock down the RPC server.

A reason for preventing the DC from promoting correctly can be that replication isn't working because the firewall is enabled and blocking the necessary ports. See http:/support.microsoft.com/kb/555381 for information about how to configure DC communication to work over a firewall.

brianounsted (Author) Commented: 2008-06-25

Gentlemen, thank you for your input.
I have been working on this problem on and off for about a week so I have checked the more obvious solutions. Some of the tests I have run are listed in my original help request.
I have thoroughly checked the SRV records and they seem correct and intact. I also compared the records to another operating system and they seem to match.
The only other error message I get, other than the 13508, is attached, along with the associated text. But as with many error messages there is little helpful information.
I think my next step is a forceful demotion and redo.
Thanks,
Brian

Did you check if there was any firewall involved? If so, you need to specify what port AD and FRS shall use for replication instead of the default RPC-behavior with any random port over 1024. I see a typo in the KB-link I posted earlier about firewall configuration (missing a /), http://support.microsoft.com/kb/555381
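
The SRV/Host A record and firewall checks suggested in the answers above, written out as an added PowerShell example that is not part of the original thread. The domain and host names are placeholders, and it assumes a management workstation that has the Resolve-DnsName and Test-NetConnection cmdlets (Windows 8 / Server 2012 or later) rather than the 2003/2008 DCs themselves.

```powershell
# Added example: every name below is a placeholder, not a value from the thread.
$Domain  = 'example.local'                             # AD DNS domain (placeholder)
$NewDc   = 'dc2.example.local'                         # FQDN of the new DC (placeholder)
$DnsList = 'dc1.example.local', 'dc2.example.local'    # DNS servers to compare

# Locator records a DC registers; each one should list the new DC as a target.
$SrvNames = "_ldap._tcp.dc._msdcs.$Domain",
            "_kerberos._tcp.dc._msdcs.$Domain",
            "_ldap._tcp.$Domain"

foreach ($dns in $DnsList) {
    foreach ($name in $SrvNames) {
        # Ask this specific DNS server, so a record that exists on one DC
        # but has not replicated to the other shows up as a difference.
        $targets = @(Resolve-DnsName -Name $name -Type SRV -Server $dns -DnsOnly `
                        -ErrorAction SilentlyContinue |
                     Where-Object { $_.Type -eq 'SRV' } |
                     ForEach-Object { $_.NameTarget.TrimEnd('.') })
        [pscustomobject]@{
            DnsServer   = $dns
            Record      = $name
            ListsNewDc  = ($targets -contains $NewDc)
            AllTargets  = $targets -join ', '
        }
    }

    # Multihomed check: more than one Host A record for the DC means clients
    # may be handed an address on the wrong NIC.
    $addrs = @(Resolve-DnsName -Name $NewDc -Type A -Server $dns -DnsOnly `
                  -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' } |
               ForEach-Object { $_.IPAddress })
    [pscustomobject]@{
        DnsServer  = $dns
        Record     = "A $NewDc"
        ListsNewDc = ($addrs.Count -eq 1)
        AllTargets = $addrs -join ', '
    }
}

# Inbound reachability of the new DC: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB.
foreach ($port in 53, 88, 135, 389, 445) {
    $r = Test-NetConnection -ComputerName $NewDc -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{ Target = $NewDc; Port = $port; Reachable = $r.TcpTestSucceeded }
}
```

A reachable port 135 only shows that the endpoint mapper answers; the port above 1024 that it hands out for replication must also be allowed through, or fixed to a known port as the KB article describes.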
